Tony Arcieri has a nice op-ed on his blog about signing Ruby gems. If we all did that, it might have saved some of the grief with RubyGems.org a few days ago. The RubyGems team had to verify gems against known-good sources to ensure they weren't compromised. Signing gems would have helped a lot with that.

Since RubyGems was down, many applications could not be deployed to production late last week. But there is a way to avoid depending so critically on RubyGems without bloating your application’s repository by vendoring every gem: the --deployment flag offered by Bundler. Steve Klabnik wrote up a nice piece explaining how to use that feature on his blog.

After two highly publicized security vulnerabilities involving YAML and Rails, Richard Schneeman, a Ruby developer at Heroku, wrote up an explanation of how exploits happen and how to report them. He also gives a quick recap of how YAML works, how it creates Ruby objects, and how it was used as an attack vector before the vulnerabilities were patched.

Homebrew, the OS X package manager, is often the stepping stone to a Rails development environment. Their team is looking for money to help fund the testing of third-party formulas. Through a modest Kickstarter campaign, they hope to fund the purchase of a Mac mini to automate those tests.

Rails natively supports the sending of emails through ActionMailer, but if you’re looking to receive email with your application, it's a bit more involved. The new Griddler gem seems exciting because of its simplicity. It gives you access to the same kind of feature GitHub and Basecamp use for comment notifications.

Having a style guide for your developers to refer to makes it much easier whenever you need to add a small piece of content or a small feature to your site. It keeps things consistent and easy to find. Joe Nelson of Bendyworks aims to give you a “living, breathing styleguide for your site”.
